Overview

overview

10

Static

static

paint.net....64.exe

windows7-x64

8

paint.net....64.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    paint.net.4.3.12.install.x64.exe.7z

  • Size

    60MB

  • Sample

    220912-qsq9hsdch7

  • MD5

    956bdf9c0afb60e53598c90faf5545dd

  • SHA1

    8b6b15862c7747403f6fe5cfe9cd1f0683a06a03

  • SHA256

    970064829477d473fdb0c663c8282fb373fee12b4c34fc4d2dda7cf11c9148fc

  • SHA512

    b64ce46f1f002749523f8901231d7d11b34499baf03d148a730e0fcb60ad62c13446daf5082506ebb6761e0ba10d4d21ed54b8fa813690e10e3a43e8683a570f

  • SSDEEP

    1572864:l0yBpABCQvjMcj1jmcwi3fWdQd//6QS5kDsNT:10BCi7/fWdQd//6JN

Score
10/10
coreentity

Malware Config

Targets

    • Target

      paint.net.4.3.12.install.x64.exe

    • Size

      61MB

    • MD5

      c355a5829ac1552e152310346918af9f

    • SHA1

      751e2f9b513dc5489912a4d9ab9e64a7d78eeff4

    • SHA256

      fc8d19614f448f5f345219f87f947813e14608b61cdd2812b36a4d1bfc4b2fc0

    • SHA512

      72190d20b98f854c1b2135d045aad4949c19f0211f6bbfd8f824c6369f9841a5d0c13a48606fe63ce4cf6591780fb59db558c3b46b31118398e380da006980eb

    • SSDEEP

      1572864:E1tiSf6SCXKvQK5G4ULJgJsFN82imwmf93lz/iExUI+OM:0t3Qy4MQi6RlcK

    Score
    10/10
    coreentity

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks